CentOS5.8下varnish-2.1.5的安装配置
Varnish是一款强大的反向代理加速软件,关于其工作原理可以参考上图,其具体流程及VCL语法我这里就不做说明,网上资料多,大家还可以对照参考其官方网站和《Varnish中文权威指南》。
一、安装CentOS5.8系统环境下的依耐关系
1 2 | yum install gcc gcc-c++ yum install automake autoconflibtool ncurses-devel libxslt groff pcre-devel pkgconfig libtool -y |
二、下载varnish-2.1.5源码包,并进行编译安装。
1 2 3 4 5 | cd /usr/local/src wget http: //repo .varnish-cache.org /source/varnish-2 .1.5. tar .gz tar zxvf varnish-2.1.5. tar .gz cd varnish-2.1.5. . /autogen .sh |
#autogen.sh命令是用来检查软件的依耐关系是否满足,如果报错的话, 则应该如下
正常所示:
1 2 3 4 5 | + aclocal + libtoolize --copy --force + autoheader + automake --add-missing --copy --foreign + autoconf |
继续编译安装:
1 2 | ./configure --prefix=/usr/local/ var nish --enable-dependency-tracking --enable-debugging-symbols --enable-developer-warnings -enable-extra-warnings make && make install && cd ../ |
三、创建varnish用户和组,以及varnish缓存文件和日志存放目录:
1 2 3 4 | /usr/sbin/groupadd varnish /usr/sbin/useradd -s /sbin/nologin -g varnish varnish mkdir -p /data/varnish/ {cache,log} chown -R varnish:varnish /data/varnish/ {cache,log} |
四、我的测试环境是两台Web机器,IP为192.168.1.103(域名为http://www.yuhongchun027.net)的varnish机器对后端IP为192.168.1.104和192.168.1.105的机器进行反向代理加速,其配置文件/usr/local/varnish/etc/varnish/better.vcl如下所示:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 | backend rserver1 { .host = "192.168.1.104" ; .port = "80" ; .probe = { .timeout = 5s; #等待多长时间超时 .interval = 2s; #检查时间间隔 .window = 10; #varnish将维持10个sliding windows的结果 .threshold = 8; #如果是8次.windows检查是成功的,就宣告后端的Web机器 是健康的 } } backend rserver2 { .host = "192.168.1.105" ; .port = "80" ; .probe = { .timeout = 5s; .interval = 2s; .window = 10; .threshold = 8; } } #指定一个名为realserver组,使用random机制,权重越大,分配的访问越多,可根据 服务器性能来设定;而round-robin(轮询)机制是不能指定weight的 director realserver random { { .backend = rserver1; .weight = 5; } { .backend = rserver2; .weight = 6; } } #定义能清理缓存的机器,这里只允许本机能用purge的方式清理 acl purge { "localhost" ; "127.0.0.1" ; } sub vcl_recv { if (req.http.host ~ "^(.*).yuhongchun027.net" ) { set req.backend =realserver; } else { error 200 "Nocahce for this domain" ; } if (req.request == "PURGE" ) { if (!client.ip ~purge) { error 405 "Not allowed." ; } else { return (pipe); } } #获取客户端真实IP地址 if (req.http.x-forwarded- for ) { set req.http.X-Forwarded-For = req.http.X-Forwarded-For "," client.ip; } else { set req.http.X-Forwarded-For =client.ip; } #对HTTP协议中的GET、HEAD请求进行缓存,对POST请求透过,让其直接访问后端Web服 务器。之所以这样配置,是因为POST请求一般是发送数据给服务器的,需要服务器接 收、处理,所以不缓存; if (req.request != "GET" && req.request != "HEAD" ) { return (pipe); } if (req.http.Expect) { return (pipe); } if (req.http.Authenticate|| req.http.Cookie) { return (pass); } if (req.http.Cache-Control~ "no-cache" ) { return (pass); } #对JSP或者PHP文件不缓存 if (req.url ~ "\.jsp" || req.url ~ "\.php" ) { return (pass); } else { return (lookup); } }sub vcl_pipe { return (pipe); }sub vcl_pass { return (pass); }sub vcl_hash { set req. hash += req.url; if (req.http.host) { set req. hash +=req.http.host; } else { set req. hash +=server.ip; } return ( hash ); }sub vcl_hit { if (req.request == "PURGE" ) { set obj.ttl = 0s; error 200 "Purged." ; } if (!obj.cacheable) { return (pass); } return (deliver); }sub vcl_miss { if (req.request == "PURGE" ) { error 404 "Not incache." ; } if (req.http.user-agent ~ "spider" ) { error 503 "Notpresently in cache" ; } return (fetch); } sub vcl_fetch { if (req.request == "GET" && req.url ~ "\.(txt|js)$" ) { set beresp.ttl = 3600s; } else { set beresp.ttl = 30d; } if (!beresp.cacheable) { return (pass); } if (beresp.http.Set-Cookie) { return (pass); } return (deliver); } sub vcl_deliver { if (obj.hits > 0) { set resp.http.X-Cache= "HIT FROM www.yuhongchun027.net" ; } else { set resp.http.X-Cache= "MISS FROM www.yuhongchun027.net" ; } return (deliver); } |
五、启动varnish的命令很长,如下所示:
1 2 3 | /usr/local/varnish/sbin/varnishd -n /data/varnish/cache -f /usr/local/varnish/etc/varnish/better .vcl -a 0.0.0.0:80 -s file , /data/varnish/varnish_cache .data,8G -p user=varnish -p group=varnish -p default_ttl=14400 -p thread_pool_max=8000 -p send_timeout=20 -w 5,51200,30 -T 127.0.0.1:3500 -P /usr/local/varnish/var/varnish .pid |
验证其是否生效可以用curl –I命令,如下所示:
1 | [root@localhost cache] # curl -I http://www.yuhongchun027.net/ |
以下结果显示varnish缓存已经起作用了:
1 2 3 4 5 6 7 8 9 10 11 12 | HTTP /1 .1 200 OK Server: Apache /2 .2.3 (CentOS) Last-Modified: Wed, 28 Aug 2013 16:27:33 GMT ETag: "10d242-e-776b6740" Content-Type: text /html ; charset=UTF-8 Content-Length: 14 Date: Wed, 21 Aug 2013 17:47:48 GMT X-Varnish: 1584727079 1584726982 Age: 10101 Via: 1.1 varnish Connection: keep-alive X-Cache: HIT FROM www.yuhongchun027.net |
六、如果vcl配置文件发生改动,想要不重启而直接reload,可以用如下操作,可以在本机上进行telnet操作,连接3500管理端口:
1 2 3 4 5 6 | telnet 127.0.0.1 3500 vcl.load newconfig /usr/local/varnish/etc/varnish/better .vcl 200 13 VCL compiled. vcl.use newconfig 200 0 |
如果显示有200字样,则表示已经正常reload了,newconfig这个名字是自己定义的,熟悉varnish操作的朋友应该也清楚,通过telnet连接本机还可以进行清理缓存。
七、用varnishadm命令来清理缓存,例子如下所示:
清除所有缓存
1 | /usr/local/varnish/bin/varnishadm -T 192.168.1.103:3500 url.purge *$ |
清除image目录下所有缓存
1 | /usr/local/varnish/bin/varnishadm -T 192.168.1.103:3500 url.purge /image/ |
查看最近清除的详细url列表,可执行如下命令:
1 | /usr/local/varnish/bin/varnishadm –T 192.168.1.103:3500 purge.list |
另外,缓存命中率的高低直接说明了varnish的运行状态和效果,如果缓存率命中率过低,我们应该对varnish配置进行检查调整来进行提高,查看其命中率命令如下所示:
1 | /usr/local/varnish/bin/varnishstat -n /data/varnish/cache |
八、内核优化如下所示:
编辑/etc/sysctl.conf,添加如下选项:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 | net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_tw_recycle = 1 net.ipv4.ip_local_port_range = 1024 65000 net.ipv4.tcp_max_syn_backlog = 8192 net.ipv4.tcp_max_tw_buckets = 5000 net.ipv4.tcp_max_syn_backlog = 65536 net.core.netdev_max_backlog = 32768 net.core.somaxconn = 32768 net.core.wmem_default = 8388608 net.core.rmem_default = 8388608 net.core.rmem_max = 16777216 net.core.wmem_max = 16777216 net.ipv4.tcp_timestamps = 0 net.ipv4.tcp_synack_retries = 2 net.ipv4.tcp_syn_retries = 2 net.ipv4.tcp_tw_recycle = 1 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_mem = 94500000 915000000 927000000 net.ipv4.tcp_max_orphans = 3276800 |
执行如下命令,让改动配置立即生效:
1 | /sbin/sysctl –p |
注意:老生常谈的ulimit的问题,这个话题说得太多了,这里实在不想再提了,记得将在/etc/rc.local添加如下内容:
1 | ulimit –SHn 65535 |
目录 返回
首页